Quote from admin on July 25, 2019, 9:49 pm
Configure Postfix
After the installation is complete, run the command to configure Postfix:
sudo dpkg-reconfigure postfix
Enter the following values at the prompts, replacing example.com with your own domain name. Use the up arrow and down arrow to move up and down to highlight answers, and Enter to select your answer.
Select OK to proceed.
Choose Internet Site.
System Mail Name: example.com
Root and postmaster mail recipient: root
Other destinations for mail: example.com, localhost.example.com, localhost
Force synchronous updates on mail queue?: No
Local networks: 127.0.0.0/8
Use procmail for local delivery?: No
Mailbox size limit (bytes): 0
Local address extension character: +
Internet protocols to use: all
Create an SSL Certificate
We will create a self-signed SSL certificate to secure incoming and outgoing email connections:
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout mailserver.key -out mailserver.crt -days 365
sudo openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Answer the questions at the prompts, or just hit [Enter] to leave an answer blank. This command will create two files: mailserver.key and mailserver.crt.
Create a folder for the SSL certificate files:
sudo mkdir /etc/postfix/ssl
Then move the files into this folder:
sudo mv mailserver.key /etc/postfix/ssl
sudo mv mailserver.crt /etc/postfix/ssl
sudo mv cakey.pem /etc/postfix/ssl
sudo mv cacert.pem /etc/postfix/ssl
Set Up SMTP AUTH
SMTP AUTH is a basic method of securing your mail server. We strongly recommend the use of SMTP AUTH on all mail servers.
To begin, use the following commands to configure Postfix to use SMTP AUTH:
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
sudo postconf -e 'inet_interfaces = all'
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtpd_tls_auth_only = no'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/mailserver.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/mailserver.crt'
sudo postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
sudo postconf -e 'tls_random_source = dev:/dev/urandom'
Replace example.com with your own domain name:
sudo postconf -e 'myhostname = example.com'
Next, create the file /etc/postfix/sasl/smtpd.conf and open it for editing:
sudo nano /etc/postfix/sasl/smtpd.conf
Add the following content:
pwcheck_method: saslauthd
mech_list: plain login
After you have finished configuring Postfix, restart the Postfix daemon with the command:
sudo systemctl restart postfix
Install SASL
Postfix will use SASL to handle the authentication with SMTP AUTH. Now that Postfix has been configured to use SMTP AUTH, install SASL with the command:
sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules
After the installation is done, edit /etc/default/saslauthd:
sudo nano /etc/default/saslauthd
Scroll down to the line:
# Should saslauthd run automatically on startup? (default: no)
START=no
Change START to yes:
# Should saslauthd run automatically on startup? (default: no)
START=yes
Below that line, add the following three lines:
PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"
Scroll down to the bottom of the file to the line:
OPTIONS="-c -m /var/run/saslauthd"
Change the last line to read:
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Save and exit the file.
Next, run the following command to update the dpkg state:
sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
Note: If you get an error message that /var/spool/postfix/var/run/saslauthd does not exist, ignore it. This directory will be created when you start the SASL daemon.
Create a symlink for the config file:
sudo ln -s /etc/default/saslauthd /etc/saslauthd
And finally, start the SASL daemon:
sudo /etc/init.d/saslauthd start
Test Postfix With Telnet
To test Postfix we will telnet to the server and perform a basic "handshake protocol," just as an email program would.
First, install Telnet:
sudo apt-get install telnet
Once Telnet is installed, use it to connect to the server's SMTP port:
telnet localhost 25
The server will respond with:
[user@localhost ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix (Ubuntu)
This indicates that Postfix is up and running.
Next, greet the server:
ehlo localhost
The server will respond with:
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
The following lines indicate that SMTP AUTH is working:
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
Start by telling the server who the mail is being sent from:
mail from: some-person@some-other-server.com
Then tell the server who you are sending mail to, replacing user@example.com with your own username and domain name:
rcpt to: root@example.com
Now add a simple message. Tell the server your message body starts here:
data
Type the message, then follow it with [Enter], a period ., and [Enter]:
hello world
.
Close the session by typing quit and hitting Enter.
If you are successful, your test message will appear in /root/Maildir/new. You can view this message with the command:
sudo ls -l /root/Maildir/new
To read the message, copy and paste the name of the file (it will be a long name like 1482257384.Vfc00I60512M258205.localhost.localdomain) and read it with more:
sudo more /root/Maildir/new/1482257384.Vfc00I60512M258205.localhost.localdomain
You will see the email message, along with all of the header information:
From some-person@some-other-server.com Thu Dec 8 19:43:10 2016
Return-Path: <some-person@some-other-server.com>
X-Original-To: root@example.com
Delivered-To: root@example.com
Received: from localhost (localhost [127.0.0.1])
    by mail.example.com (Postfix) with SMTP id 6CFD589184
    for <root@example.com>; Thu, 8 Dec 2016 19:42:33 +0000 (UTC)
Message-Id: <20161208194238.6CFD589184@mail.oxnardindustries.com>
Date: Thu, 8 Dec 2016 19:42:33 +0000 (UTC)
From: some-person@some-other-server.com

hello world
Install and Configure Dovecot
Dovecot is the default POP3/IMAP server for Ubuntu, and is installed on most Ubuntu 16.04 servers by default. Update Dovecot and install the imapd package with the command:
sudo apt-get install dovecot-core dovecot-imapd
You can check on the status of Dovecot with the command:
sudo systemctl status dovecot
If Dovecot is running, you will see output similar to:
[user@mail dovecot]$ sudo systemctl status dovecot -l
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
Process: 8985 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
Main PID: 8989 (dovecot)
CGroup: /system.slice/dovecot.service
├─8989 /usr/sbin/dovecot -F
├─8992 dovecot/anvil
├─8993 dovecot/log
└─8995 dovecot/config
Dec 08 21:04:48 example.com systemd[1]: Starting Dovecot IMAP/POP3 email server...
Dec 08 21:04:48 example.com systemd[1]: Started Dovecot IMAP/POP3 email server.
Dec 08 21:04:48 example.com dovecot[8989]: master: Dovecot v2.2.10 starting up for imap (core dumps disabled)
Note the line that reads:
Active: active (running) since Thu 2016-12-08 21:04:48 UTC; 3s ago
This means that Dovecot is installed and running.
Set the permissions on the /var/mail directory so that Dovecot can create folders for new users:
sudo chmod 777 /var/mail
Instruct Postfix to use Maildirs instead of Mboxes:
sudo postconf -e "home_mailbox = Maildir/"
Ensure Procmail isn't used (in case it was selected by mistake during dpkg-reconfigure):
sudo postconf -e "mailbox_command = "
Restart Postfix for the changes to take effect:
sudo /etc/init.d/postfix restart
sudo apt-get install mailutils
An important missing step is to uncomment this line in /etc/postfix/master.cf to use port 587, not 25 for SMTP:
submission inet n - n - - smtpd
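The telnet session above shows AUTH PLAIN LOGIN advertised on an unencrypted connection, which follows from smtpd_tls_auth_only = no: PLAIN and LOGIN send the password merely base64-encoded. The script below is an added example, not part of the original post; it checks postconf -n style settings and a pre-STARTTLS EHLO reply for that condition, using constructed sample input built from this guide's values (function and variable names are this example's own).

```shell
# Added example, not from the original post: detect SMTP AUTH being usable
# without TLS. The sample input is constructed from this guide's own values.

# param_value NAME: stdin is "name = value" text (postconf -n style);
# prints the value of NAME, last assignment wins.
param_value() {
    sed -n "/^[[:space:]]*$1[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" |
        tail -n 1
}

# auth_requires_tls: stdin as above. Status 0 when AUTH is disabled or can
# only happen after STARTTLS, 1 when a password may cross the wire in clear.
auth_requires_tls() {
    conf=$(cat)
    sasl=$(printf '%s\n' "$conf" | param_value smtpd_sasl_auth_enable)
    only=$(printf '%s\n' "$conf" | param_value smtpd_tls_auth_only)
    level=$(printf '%s\n' "$conf" | param_value smtpd_tls_security_level)
    [ "$sasl" = "yes" ] || return 0       # AUTH not offered at all
    [ "$level" = "encrypt" ] && return 0  # every command needs TLS first
    [ "$only" = "yes" ]                   # AUTH announced only inside TLS
}

# ehlo_offers_auth: stdin is an EHLO reply captured before STARTTLS; status 0 if AUTH is advertised.
ehlo_offers_auth() {
    grep -Eq '^250[- ]AUTH[ =]'
}

# Constructed samples: the guide's settings, a hardened variant, an EHLO excerpt.
GUIDE_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no'
HARDENED_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'
GUIDE_EHLO='250-localhost.localdomain
250-STARTTLS
250-AUTH PLAIN LOGIN
250 DSN'

report() {  # report LABEL CONF_TEXT
    if printf '%s\n' "$2" | auth_requires_tls; then
        echo "$1: AUTH only after STARTTLS"
    else
        echo "$1: AUTH accepted in cleartext"
    fi
}
report "guide settings" "$GUIDE_CONF"
report "hardened settings" "$HARDENED_CONF"
printf '%s\n' "$GUIDE_EHLO" | ehlo_offers_auth && echo "EHLO capture: AUTH advertised before STARTTLS"
```

With smtpd_tls_auth_only = yes the AUTH lines no longer appear in a plain telnet session on port 25; they can be checked inside TLS with openssl s_client -starttls smtp -connect localhost:25.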
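Two steps in this guide leave files more exposed than the services need: the private key is moved into /etc/postfix/ssl without its mode being restricted, and /var/mail is set to 777. The script below is an added example, not part of the original post; it flags both conditions, runs against a constructed scratch directory, and assumes GNU stat (function names are this example's own).

```shell
# Added example, not from the original post: permission checks for the
# files this guide creates. Assumes GNU stat (as shipped with Ubuntu).

# mode_bits PATH: print PATH's permission bits as a decimal integer.
mode_bits() {
    m=$(stat -c '%a' "$1") || return 2
    echo $(( 0$m ))          # leading 0 makes the shell read it as octal
}

# key_is_private FILE: status 0 if group and others have no access at all.
key_is_private() {
    bits=$(mode_bits "$1") || return 2
    [ $(( $bits & 0077 )) -eq 0 ]
}

# spool_is_safe DIR: status 0 unless DIR is world-writable without the
# sticky bit, where any local user can delete or replace others' mailboxes.
spool_is_safe() {
    bits=$(mode_bits "$1") || return 2
    [ $(( $bits & 0002 )) -eq 0 ] || [ $(( $bits & 01000 )) -ne 0 ]
}

# audit KEY_FILE SPOOL_DIR: print one line per finding, return their count.
audit() {
    n=0
    key_is_private "$1" || { echo "key readable beyond owner: $1"; n=$((n+1)); }
    spool_is_safe "$2" || { echo "world-writable, no sticky bit: $2"; n=$((n+1)); }
    return "$n"
}

# Constructed demo in a scratch directory: a key left world-readable (644)
# and a mail spool set to 777, then both tightened.
demo=$(mktemp -d)
: > "$demo/mailserver.key"; chmod 644 "$demo/mailserver.key"
mkdir "$demo/mail";         chmod 777 "$demo/mail"
audit "$demo/mailserver.key" "$demo/mail" || true     # two findings
chmod 600 "$demo/mailserver.key"; chmod 1777 "$demo/mail"
audit "$demo/mailserver.key" "$demo/mail" && echo "no findings after tightening"
rm -rf "$demo"
```

On the server, the equivalent call is audit /etc/postfix/ssl/mailserver.key /var/mail, run as root.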